Cloudflare #workers-discussions

Join Discord

Skye

03/04/2023, 5:08 PM

What do you mean by that?

Skye

03/04/2023, 5:10 PM

~~I'd recommend you read - it might help you understand more~~

Skye

03/04/2023, 5:11 PM

Actually no, it's not that one, let me find it

GuillaumeLakano

03/04/2023, 5:14 PM

Yeah I understood it's duration pricing model for unbound

Skye

03/04/2023, 5:15 PM

Ah this diagram shows it

Skye

03/04/2023, 5:16 PM

The dark blue is the places where you're actually billed - specifically because on unbound mode you're billed for the duration the worker is alive

Skye

03/04/2023, 5:16 PM

That concept isn't a thing for bundled, so it doesn't matter there

GuillaumeLakano

03/04/2023, 5:17 PM

Ok, I've just understood your point, so my solution with worker (A) is not good.

Skye

03/04/2023, 5:19 PM

Yeah, you'd be adding an unnecessary extra step for the same end result

dave

03/05/2023, 1:45 AM

Is there any other downside with using the workers.dev route for things like a webhook listener?

dave

03/05/2023, 1:47 AM

ah right possible rate limits it seems? https://discord.com/channels/595317990191398933/779390076219686943/1066090962268471387

Chaika

03/05/2023, 1:48 AM

There's no rate limits by default, we were just talking about adv. rate limiting behavior with workers

Chaika

03/05/2023, 1:49 AM

The downsides I can think of are: Each new worker gets issued a tls/ssl cert so they get visited by bots pretty quickly No Zone level controls or analytics (No WAF, Firewall rules, etc)

Unsmart | Tech debt

03/05/2023, 1:50 AM

There are rate limits in some aspect to the workers.dev im pretty sure but you dont really have any control over the firewall settings that trigger if it should be blocked or not

dave

03/05/2023, 1:50 AM

hmm right, so probably safer to do a custom domain anyway?

Chaika

03/05/2023, 1:50 AM

I think Workers in general have some max request per IP rate limit, but is that exclusive to workers.dev? Edit : Looks like it's not, at least for that one , not sure about other ones

Unsmart | Tech debt

03/05/2023, 1:50 AM

Yeah

Chaika

03/05/2023, 1:52 AM

As far as I know it's not like r2.dev where it's not recommended for production use at all, but using a custom domain will just give you more control/insight. I usually use Worker Custom Domains and then delete the generated cert afterwards if not needed, makes it pretty easy

dave

03/05/2023, 1:54 AM

I have the paid total TLS thingy which makes it nice

dave

03/05/2023, 2:28 AM

oh hmm odd, Zaraz runs in front of CF Workers

dave

03/05/2023, 2:28 AM

that's both good and bad depending 😛

Erisa | Support Engineer

03/05/2023, 2:39 AM

lots of stuff does

dave

03/05/2023, 3:21 AM

hmm

dave

03/05/2023, 3:21 AM

is there no secure/safe string comparison in V8?

kian

03/05/2023, 3:25 AM

there's a timingSafeEqual under crypto

kian

03/05/2023, 3:25 AM

dave

03/05/2023, 3:30 AM

oooooo

Unsmart | Tech debt

03/05/2023, 3:34 AM

interesting 🤔

dave

03/05/2023, 5:09 AM

is there a sane way to put env var objects in a secret?

dave

03/05/2023, 5:45 AM

if I have a Worker that just makes POST requests (it's basically a proxy) that take 0.5 to 2 seconds, bundled will be way cheaper, right?